heap overflow in CDG decoder and XML heap corruption

Bug #707154 reported by Benjamin Drung
Affects        Status         Importance   Assigned to   Milestone
vlc (Ubuntu)   Fix Released   Undecided    Unassigned
Lucid          Fix Released   Undecided    Unassigned
Maverick       Fix Released   Undecided    Unassigned

Bug Description

Binary package hint: vlc

There are two security bugs:
* heap overflows in CDG decoder
* heap corruption in some XML-based subtitle decoders

Benjamin Drung (bdrung)
security vulnerability: no → yes
Benjamin Drung (bdrung) wrote :

Here are the debdiffs for maverick-security (vlc_1.1.4-1ubuntu1.3) and lucid-security (vlc_1.0.6-1ubuntu1.4). Both build on amd64. The security issue will be closed in natty with the upstream release 1.1.6, which will land in natty soon.

Benjamin Drung (bdrung) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.6-1ubuntu1

---------------
vlc (1.1.6-1ubuntu1) natty; urgency=low

  * Merge from Debian experimental, remaining changes:
    - build and install the libx264 plugin

vlc (1.1.6-1) experimental; urgency=low

  [ Reinhard Tartler ]
  * Tighten some build dependencies (Closes: #605638)

  [ Benjamin Drung ]
  * New upstream release.
    - Fix heap buffer overflow in Real demuxer (CVE-2010-3907) (LP: #690173)
    - Fix blue face issue with X11 output (LP: #665298)
    - Fix crash with SIGSEGV in QMetaObject::activate() (LP: #448082)
    - Fix heap overflow in CDG decoder and XML heap corruption (LP: #707154)
  * Drop backported patches.
  * Tighten more build dependencies after reviewing configure.ac.
  * Update my email address.
  * Add lirc build failure fix patch.
  * Build depends on libgtk2.0-dev for notify module.
 -- Benjamin Drung <email address hidden> Tue, 25 Jan 2011 01:22:56 +0100

Changed in vlc (Ubuntu):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Thanks for the debdiffs! ACK

Packages are being built now, and will be released soon.

Changed in vlc (Ubuntu Lucid):
status: New → In Progress
Changed in vlc (Ubuntu Maverick):
status: New → In Progress
Changed in vlc (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in vlc (Ubuntu Maverick):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.4-1ubuntu1.3

---------------
vlc (1.1.4-1ubuntu1.3) maverick-security; urgency=low

  * SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
    - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
      decoder, thanks to Dan Rosenberg
  * SECURITY UPDATE: heap corruption in some XML based subtitles decoder
    - debian/patches/xml-heap-corruption.diff: Handle early termination
      properly in StripTags, thanks to Harry Sintonen
 -- Benjamin Drung <email address hidden> Mon, 24 Jan 2011 22:50:22 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.0.6-1ubuntu1.4

---------------
vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
    - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
      decoder, thanks to Dan Rosenberg
  * SECURITY UPDATE: heap corruption in some XML based subtitles decoder
    - debian/patches/xml-heap-corruption.diff: Handle early termination
      properly in StripTags, thanks to Harry Sintonen
 -- Benjamin Drung <email address hidden> Mon, 24 Jan 2011 22:59:31 +0100

Changed in vlc (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in vlc (Ubuntu Maverick):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.